<?php
//session_start();
//include_once $_SERVER['DOCUMENT_ROOT']."/math-videos/configure.inc.php";
//check if you have curl loaded
//echo $_REQUEST['json'];
if(!isset($valid_controller)||$valid_controller===false)
{
  return;
}
		
$timecode_sha1='';

//authertication user
$sqltext="select id as user_id , institute_id from users  WHERE username=? and password=?";
$params = array();

array_push($params,sql_escape($username));
array_push($params,sql_escape($password));
$result = db_select_query($conn2,$sqltext,$params);
$user_id='';
$institute_id='';
while($row = db_fetch_array($result))
{
	$user_id = $row['user_id'];
	$institute_id = $row['institute_id'];
}

if($user_id =='')
{
	//echo "HTTP/1.1 401 <br />";
	//echo "Date: ".gmdate('F j, Y, g:i:s')." GMT<br />";
	header('HTTP/1.1 401 Authorization Required');
//	echo "Location: https://api.mathinstitutes.org/metadata/v1/asset/2341<br />";
	echo "{\"error\": \"Authorization Required.\"}";
}
else
{
    //update asset table 
	$id= $assetID;
	$update_flag= false;			
	//check if user has right to upf=date this asset
	$sqltext="select title from asset WHERE id=? and institute_id = ?";
	$params = array();
	//echo "!!!!!!!!!!".$id."<br>";
	array_push($params,sql_escape($id));
	array_push($params,sql_escape($institute_id));
	$result = db_select_query($conn,$sqltext,$params);
	while($row = db_fetch_object($result))
	{
		foreach ($row as $key => $value) 
		{
			$update_flag= true;			
		}
	}
//	echo "!!!!!!!!!!".$update_flag."<br>";
	if($update_flag)
	{
		//end get info
		//check required fields
		
			$timecode_sha1='';
		
			$params = array();
			$sqltext="UPDATE asset SET ";
			
			$sqltext .="timecodeSHA1 =?";
			array_push($params,sql_escape($timecode_sha1));
			
			$sqltext .=" WHERE id=?";
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);
		 // echo $id;
		 
			//update timecode
				//delete and insert again
			$sqltext="DELETE From timecode where asset_id=? ";
			$params = array();
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);
			//add to api log
			$sqltext="INSERT INTO api_logs(query,added_date,user_id, institute_id,asset_id) values( ?, ?, ?,?,?)";
			$params = array();
			array_push($params,'Delete timecode');
			array_push($params,date("Y-m-d H:i:s"));
			array_push($params,sql_escape($user_id));
			array_push($params,sql_escape($institute_id));
			array_push($params,sql_escape($id));
			db_change_query($conn,$sqltext,$params);
		//	unset($result_array);
		//	$result_array['assetURL']=$site_http."metadata/v1/asset/".$id;
			header('HTTP/1.1 200 OK. Successful deletion of timecode data from asset');
		//	echo json_encode($result_array);
	}
	else
	{
		header('HTTP/1.1 403, 404  Specified Asset is not owned by authenticated user and cannot be deleted, or Asset Not Found Specified Asset was not found in the catalog.');
		//echo "Date: ".gmdate('F j, Y, g:i:s')." GMT<br />";
		//	echo "Location: https://api.mathinstitutes.org/metadata/v1/asset/2341<br />";
		echo "{\"error\": \"Permission required to update this timecode institute asset.\"}";
	}
	
}
?>